Keep qa-matrix aligned with the repo-private QA policy instead of treating it
as a packaged or published plugin surface. This restores qa-lab to the
non-packaged bundle set and removes qa-matrix publish metadata.
Also tighten the QA packaging docs/example, add a changelog entry for the
split, and lock the non-packaged expectation in the bundled-plugin build-entry
test.
Move optional QA runner install hints onto a generated metadata catalog so the
host no longer needs a Matrix-specific fallback list for missing plugins.
This also tightens the runner contract by rejecting runtime-only commands that
are not declared in manifest metadata, and adds an installed-plugin smoke test
for the generic QA runner loader path.
Avoid loading the qa-lab runtime model-default seam when the Matrix runner was
already given both primary and alternate model refs explicitly.
Behavior stays the same, but the helper becomes easier to read and avoids an
unnecessary runtime dependency on the fully-explicit path.
Route Matrix QA model selection through the qa-lab runtime surface so the live
lane keeps the same preferred-model behavior as the rest of the QA host,
including the Codex OAuth fallback.
This removes the duplicated default table from qa-matrix, adds a narrow helper
around the shared runtime seam, and locks the behavior with a focused test.
Teach qa-lab to discover transport runners from manifest metadata plus a
shared runtime facade instead of hardcoding qa-matrix. The host now mounts
activated runners generically, shows enable guidance for blocked plugins,
and keeps the explicit install hint for missing optional runners.
This also promotes the runner contract into the public SDK, replaces the
matrix-specific host seam, and documents the new manifest/runtime exports so
future QA transports can reuse the same path.
* fix(agents): tighten workspace file opens
* fix(agents): clarify symlink rejection tests
* fix(agents): surface unsafe identity reads
* fix(agents): use non-blocking opens for identity reads and write-mode probes
* fix(fssafe): restore symlink read identity check
* fix(worklog): append comment resolution status
* fix(fssafe): close afterOpen handle leaks
* fix(worklog): append comment resolution follow-up
* fix(worklog): drop internal user file
* fix(agents): rethrow unexpected errors in agents.files.get
* changelog: note agents.files fs-safe routing + fd-first realpath (#66636)
* fix(agents): rethrow unexpected errors in agents.files.set too
Match the narrow-SafeOpenError catch pattern that agents.files.get
(commit 633b8f92) and writeWorkspaceFileOrRespond already use, so a
real OS error (ENOSPC, EACCES, EBUSY, ...) surfaces through normal
gateway error handling instead of being masked as
'unsafe workspace file'.
* test(agents): match fsStat/fsLstat mock signatures
The mock functions are declared as
vi.fn(async (..._args: unknown[]) => Stats | null)
so mockImplementation callbacks must accept ...unknown[], not a
narrowed (filePath: string) argument. The narrower signature
works at runtime but trips tsgo's strict type check; switch to
args[0] unpacking so the callbacks match the hoisted mock shape.
---------
Co-authored-by: Devin Robison <drobison@nvidia.com>
* fix(feishu): harden webhook replay guards
* changelog: note Feishu webhook + card-action fail-closed hardening (#66707)
* fix(feishu): move blank-token check above decodeFeishuCardAction
Run the early-return guard against a missing/blank card-action
token before decoding the card-action payload. Decoding is
side-effect-free so this is a readability + tiny-perf nit, not a
correctness change. Matches Greptile's P2 suggestion.
---------
Co-authored-by: Devin Robison <drobison@nvidia.com>
Fixes#65465. Caps the compaction reserveTokensFloor so that at least min(8 000, 50%) of the context window remains available for
prompt content, preventing the default 20 000-token floor from exceeding the entire context window on small-context local models (e.g. Ollama
16K). The cap is only applied when contextTokenBudget is provided, preserving backward compatibility.
